Multi Location VPN / DMZ / ACL Configuration Assistance Request

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2021-10-17 00:42:52 - last edited 2021-10-17 00:43:59
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version:

Hi Folks,

I need some guidance and examples for a multi location setup I'm working on.  My time is short and getting used to the GUI as well as handling a hundred other fires at the same time has me not being able to get it together the way I need to.

 

I have this configuration about to be installed:

ISP Modem > ISP Router > ER605 in DMZ w/ VPN > Client Nodes Wired (10.10.x.x) and Wifi AP + 3rd Party Router > 3rd Party Server (10.10.10.99)

 

ER605

- has to deny all random inbound traffic

- has to allow VPN from multiple inbound sources in the Co. (those I think I've gotten right)

- has to allow a white list of various IP addresses and domain names to port forward through to the 3rd party router.

- anything on the VPN has to be able to access any nodes anywhere in any of the locations like printers (just asking for some confirmation on this)

 

My info has been based on this document: https://www.tp-link.com/us/support/faq/2026/. I'm just having difficulty in configuring the rules I need in the proper order.

If I'm not in the right spot there, let me know.

 

What rules would securely make this happen (based off the GUI) and the order they go in?

TBH, it's been a while since I needed to do something like this and really, any assistance and advice is truly appreciated.

 

I know it's:

DENY ALL inbound

ALLOW X Y Z Whitelist

FORWARD PORTS 1 2 3 4 to .99

 

...but how to integrate it into this GUI is giving me grief in translating the age barrier from when I did this last.

Re: Multi Location VPN / DMZ / ACL Configuration Assistance Request
2021-10-28 09:56:54

@IGL 

 

If you set ACLs, it is recommended to set the allowed entries first, then set the one that prohibits all entries.

The rest of the settings should be fine if the IP is filled in correctly.

Just striving to develop myself while helping others.
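
The ordering advice in the reply above, as an added example that is not part of the thread or of TP-Link's documentation: a small Python model of an ACL, assuming first-match, top-down evaluation, which shows the whitelist being ignored when the deny-all entry is listed first and flags entries that can never fire. The source networks and ports are constructed sample values, and the port forwarding to 10.10.10.99 itself is not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "allow" or "deny"
    src: ipaddress.IPv4Network
    ports: Optional[frozenset] = None  # None = any destination port

    def matches(self, src_ip, port):
        return (ipaddress.ip_address(src_ip) in self.src
                and (self.ports is None or port in self.ports))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        ports_ok = self.ports is None or (
            other.ports is not None and other.ports <= self.ports)
        return other.src.subnet_of(self.src) and ports_ok

def evaluate(rules, src_ip, port):
    """Assumed semantics: first matching rule wins. None = device default applies."""
    for r in rules:
        if r.matches(src_ip, port):
            return r.action, r.name
    return None

def shadowed(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [r.name for i, r in enumerate(rules)
            if any(e.covers(r) for e in rules[:i])]

# Constructed sample values: documentation-range sources and placeholder ports.
FORWARDED = frozenset({443, 8443})
allow_a = Rule("allow-partner-a", "allow", ipaddress.ip_network("203.0.113.0/24"), FORWARDED)
allow_b = Rule("allow-partner-b", "allow", ipaddress.ip_network("198.51.100.7/32"), FORWARDED)
deny_all = Rule("deny-all-inbound", "deny", ANY)

GOOD = [allow_a, allow_b, deny_all]   # allowed entries first, deny-all last
BAD = [deny_all, allow_a, allow_b]    # deny-all first shadows the whitelist

if __name__ == "__main__":
    for label, rules in (("allow-first", GOOD), ("deny-first", BAD)):
        print(label, evaluate(rules, "203.0.113.10", 443), "shadowed:", shadowed(rules))
```

Running `shadowed()` over an exported rule list before applying it catches whitelist entries that an earlier, broader entry has made unreachable.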